feat: migrate fider

Peter 2024-02-22 16:05:56 +01:00
parent 80721ce1da
commit 0754148bb1
Signed by: prskr
GPG key ID: F56BED6903BC5E37
8 changed files with 208 additions and 0 deletions

21
fider/config/base.env Normal file

@ -0,0 +1,21 @@
HOST_DOMAIN=fider.icb4dc0.de
LOG_SQL="false"
LOG_STRUCTURED="true"
LOG_LEVEL="DEBUG"
# Metrics
METRICS_ENABLED=true
METRICS_PORT=4000
HOST_MODE=multi
# SMTP setup
EMAIL_SMTP_HOST=smtp.gmail.com
EMAIL_SMTP_PORT="587"
EMAIL_SMTP_ENABLE_STARTTLS='true'
# Blog storage
BLOB_STORAGE=s3
BLOB_STORAGE_S3_REGION=us-east-1
BLOB_STORAGE_S3_ENDPOINT_URL=https://2df513adaee2eeae12106af900bed297.r2.cloudflarestorage.com
BLOB_STORAGE_S3_BUCKET=fider
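Review bot: The quoted values (`LOG_SQL="false"`, `LOG_STRUCTURED="true"`, `LOG_LEVEL="DEBUG"`, `EMAIL_SMTP_PORT="587"`, `EMAIL_SMTP_ENABLE_STARTTLS='true'`) will probably reach the container with the quote characters included, because kustomize's env-file loader, as far as I know, takes everything after `=` literally and does no shell-style unquoting. Write them bare like the neighbouring lines, e.g. `EMAIL_SMTP_PORT=587` and `EMAIL_SMTP_ENABLE_STARTTLS=true`, and confirm the result in the output of `kustomize build`. Separately, `LOG_LEVEL="DEBUG"` on an internet-facing instance tends to put request and user detail into the logs; `LOG_LEVEL=INFO` is the safer setting unless debug output is intended here.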


@ -0,0 +1,48 @@
apiVersion: v1
kind: Secret
metadata:
name: fider-secret-config
stringData:
#ENC[AES256_GCM,data:vwh0HqyenM9A/otfsYrVAIYoivvbQ/IZkrohaeuMSRLDFpnr5TDD0CY93N84,iv:Y4RTLSQCKG9YIsyALJXVnSU9KRVPViFiNah7cpPj7ws=,tag:V5+AGSJ3RlBh18oVI6QoFA==,type:comment]
DATABASE_URL: ENC[AES256_GCM,data:I1FYx2MxmCVRv5f7TdyjFLElzbA2kPuwYHTtFeECkfBChNiVNgVJnKKTdTvfHgz9tazME8e8FzVrbQ+XkTaTnT0vPtDISTuzPbq4EK+wDQbmz+M0BW7Me1wz2061NVd+uXpFWaj6jg2PcY41TYptT6s=,iv:J2isIwnf4wkObZSSIBWyjiFNHDwOw+jT0/kGOtAbV9M=,tag:HiK1ZA3pv4uohTKWvVrmHg==,type:str]
#ENC[AES256_GCM,data:QXY/wGzJDrdgfEwE/Zq98dQ=,iv:3ZC3JGlZeBslZN5a5ndYoNA4BwdZ8Kb49tNrJXh3c74=,tag:i8dp8nj7ZUO4H25mCJFJZg==,type:comment]
EMAIL_NOREPLY: ENC[AES256_GCM,data:1lBgr0jlpfqapy/Be5y8y/9iSQ==,iv:duh4+wgwMgprUPr5jNtLvm1RG4gLB8zRUW4KH+aQIGo=,tag:b0D3PGDsEvjj6modicar6g==,type:str]
EMAIL_SMTP_PASSWORD: ENC[AES256_GCM,data:ldpok+OwavUpP487Gh52I858MRuTITiVdQ==,iv:RBcKpTo/F6Wqc715U89VCdojEemwHEjETTPZP6z3lj8=,tag:3eye+x5YqS0Y6oP75lE2BQ==,type:str]
EMAIL_SMTP_USERNAME: ENC[AES256_GCM,data:+ft+YqLBBgqo0AGl5c1dQyl4Uw==,iv:t8pt2lj2sht3nMyfzCQoRe1hYapydvQt0ylDUxBLieo=,tag:lxMQ8bIjNZz6y+jgBedMyQ==,type:str]
#ENC[AES256_GCM,data:tKFIJYaKj470Wukj+0kh,iv:iVl3U363ioCdvOGBxAq+on9PLHqPeZO9Zs26kP9z1RQ=,tag:4KDR6lCtgwZVuJ3Uc+LuIw==,type:comment]
JWT_SECRET: ENC[AES256_GCM,data:8xfY6sn3yVVd6UwqmDj5VR9kjf91GJKkAxxNwVPI7mfeoPkH+xdCVon88SHQ1Lh7XRDeWK/Fjt6LCpWqlntwBA==,iv:p2pL9B3QdKPb9Ifup9zMZlKYGJM0s+L7+P0buI6855g=,tag:gQWBoV77HsH9TAk6CUxKJQ==,type:str]
#ENC[AES256_GCM,data:tRPJxSMKKV36Tm28Om1xg6RFvKckNLFClw==,iv:qhAuF4zUrwgPyIG/2U28fz3FWbiOCDBtzhO7jux47Bg=,tag:BfOepgY9Z6/BfOwfNar5YA==,type:comment]
OAUTH_GITHUB_CLIENTID: ENC[AES256_GCM,data:EGvHYukKGoeqJtFkTDnJoXGGzvg=,iv:CrPC/TUd+A9jYt17R2MLe4h+OArcZPXMbUbn/e+1S4o=,tag:ptEDPa2FmFfHaf0IV+hIIQ==,type:str]
OAUTH_GITHUB_SECRET: ENC[AES256_GCM,data:EX4MeNyiJfOOM5tpIiVsWzN4PwxGKaiuEp/x2yLB6DKERUqnXBjPHQ==,iv:zIzv5x43gurxC0OPZAJ15kMuK/0YA8UWULns49W8tWE=,tag:yq/IT69Dk7BtJ5k+8HNu6A==,type:str]
#ENC[AES256_GCM,data:yepnpyfmV9t5CRucNg==,iv:186ZrE/ynkFhDjcmbdY+0eM//BWDMkQKQkUUj2OX0gw=,tag:3zjeG1sveTCCARG30vrtQQ==,type:comment]
BLOB_STORAGE_S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:h6C2TxHcBJH5a2+OGckctvKUnXLbe8gbH3OpQ1s8znw=,iv:VtB1MAb4lqUcPbSQzf/o1bPFEqtd9FYhdrItLIv9GQk=,tag:MbuJfTZPJSSzT/89IDXCig==,type:str]
BLOB_STORAGE_S3_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:nFbcxS5IJz2YOJZx15hRYGrfGdcN7FI7Z2k1C5uLRHXllqvbRw09ZFn0ed2ORH8mDSl/0NHzjtD4cTdZ8L/fOg==,iv:4Vgb9qBQD8kgr4iBVEsaQTY+i58MUu+Bu80XjZAY78Q=,tag:VSp88f5T+WV2ngvW6mHbYA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MHkwN1AyY0twMzlYT29D
bXBPTE4vV3lCZFROTG5FS2ZteHVWbjE3clVBCmFWV3FVYTMvejBINzZ1Sk5lcEFF
NTMvSWJlQ2Nad1oxNkVJdFlHbkdja2MKLS0tIDFicWs5QUlPeVpieitqRVNhSXEy
L3JKV0YzOUcvLys3TWd0Q3pOcFBsczQKxyY1BbhiAcFnEwMO3uEEssGX4vM9pjwo
0hvqWULdsl6NpVd91lOpKgp9XwROSKwdYp5U0XX4oRF1mAI137a8WA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0SHY0STF0TGJia2dqRk5k
QVpUeEsvUUpaUjBzOGtNV2dlQzBSNzVZNkRJCkxNc3RBUmgwVDBId3pqY2R6eWNa
WjZ6ZXV6RjFaWnp4ZXUveHBsMG1DR28KLS0tIEVOeGFPTUszbmYxU1hYZENZUWdl
bTk2dytOMmE0UkZYNUdOWHZuelJBK2sKCT4UeF/m0mMqs6jbT1KMLfx6YTQTwkbK
7WcJKPlg2Jqmqi2G1tqKcjMui0g19vKPRDWGdtIOyYB83ThAVG0znA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-21T20:00:49Z"
mac: ENC[AES256_GCM,data:wDVyJOyMbbcQf/LIypuKIXYskE1+xlg43UY2NV3xIRZfVxN4uAJBtEEas+T6Y3jJoLJOkwjzkvncCv0cxzlJSQYmfoidaBIpNPKi6fSR1LjxELG0ErblVY/usgJ/ACvIfN+6SUC1sK/wxIbpLT+8TeUCvHEj/iuq0hslgdsomks=,iv:MdET9ouW4AVsbpLDtLpHzGQ6RTAHx3GvJg5TVaMzNug=,tag:UUDSIeK0cfd7Otn2XlsxlA==,type:str]
pgp: []
unencrypted_regex: ^(apiVersion|metadata|kind|type)$
version: 3.8.1
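Review bot: Nothing ties a rotation of these values to a rollout: the object keeps the fixed name `fider-secret-config`, and the Deployment in this commit reads it through `envFrom`, which is only evaluated when a container starts. KSOPS honours the annotation `kustomize.config.k8s.io/needs-hash: "true"` under `metadata.annotations` of the encrypted Secret, which gives it the same content-hash suffix that the `secretGenerator` output already gets. `metadata` is matched by `unencrypted_regex`, so the annotation stays in clear text; the edit should still go through `sops`, since the MAC by default also covers unencrypted values.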

24
fider/kustomization.yaml Normal file

@ -0,0 +1,24 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: fider
labels:
- includeSelectors: true
pairs:
app.kubernetes.io/instance: icb4dc0de-feedback
app.kubernetes.io/managed-by: kustomize
resources:
- "resources/namespace.yaml"
- "resources/deployment.yaml"
- "resources/service.yaml"
- "resources/http_routes.yaml"
secretGenerator:
- name: fider-base-config
envs:
- "config/base.env"
generators:
- ./secret-generator.yaml


@ -0,0 +1,46 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fider
spec:
replicas: 2
selector:
matchLabels:
app.kubernetes.io/name: fider
template:
metadata:
labels:
app.kubernetes.io/name: fider
spec:
containers:
- name: fider
image: docker.io/getfider/fider:stable
ports:
- containerPort: 3000
protocol: TCP
name: web
envFrom:
- secretRef:
name: fider-base-config
- secretRef:
name: fider-secret-config
resources:
limits:
cpu: 200m
memory: 200Mi
requests:
cpu: 50m
memory: 50Mi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- fider
topologyKey: topology.kubernetes.io/zone
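Review bot: The container runs with no `securityContext` and from the mutable tag `docker.io/getfider/fider:stable`, so it keeps the runtime's default capabilities and the two replicas can end up on different image contents after a reschedule. Pin the image to a release tag plus digest, e.g. `image: docker.io/getfider/fider:<version>@sha256:<digest>` (placeholders; the CI status on this commit suggests Renovate could keep such a pin current), and add a container-level `securityContext` as sketched below. `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth adding as well once it is confirmed that the image runs as a non-root user and does not write to its root filesystem. The pod also declares no readiness or liveness probe, so traffic is routed to a replica as soon as the process starts.

```yaml
      containers:
        - name: fider
          # … unchanged: image, ports, envFrom, resources …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```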


@ -0,0 +1,39 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: fider-http
spec:
parentRefs:
- name: contour
sectionName: http
namespace: projectcontour
hostnames:
- fider.icb4dc0.de
- login.fider.icb4dc0.de
- community.buildr.icb4dc0.de
- community.inetmock.icb4dc0.de
rules:
- filters:
- type: RequestRedirect
requestRedirect:
scheme: https
statusCode: 301
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: fider-https
spec:
parentRefs:
- name: contour
namespace: projectcontour
hostnames:
- fider.icb4dc0.de
- login.fider.icb4dc0.de
- community.buildr.icb4dc0.de
- community.inetmock.icb4dc0.de
rules:
- backendRefs:
- name: fider
port: 3000
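Review bot: The `fider-https` route's `parentRefs` entry has no `sectionName`, so it attaches to every listener of the `contour` Gateway that admits it, which would include the `http` listener that `fider-http` is bound to. On that listener both routes then match the same four hostnames, and whether a plaintext request is redirected or proxied to port 3000 is left to the Gateway API tie-breaking rules. Binding the backend route explicitly removes the ambiguity: `sectionName: <https-listener-name>` (placeholder; the Gateway's listener names are not part of this commit).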


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: fider
labels:
prometheus: default
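Review bot: The namespace is created without Pod Security admission labels, so the Fider pods get whatever the cluster-wide default happens to be. Adding `pod-security.kubernetes.io/enforce: baseline` under `metadata.labels` (or `restricted`, once the Deployment carries a matching `securityContext`) would make the policy explicit and keep it versioned with the workload. No NetworkPolicy is part of this commit either; whether one is applied from elsewhere is not visible here.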


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: fider
spec:
selector:
app.kubernetes.io/name: fider
ports:
- protocol: TCP
port: 3000
targetPort: 3000


@ -0,0 +1,11 @@
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
# Specify a name
name: fider-secret-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
files:
- config/fider-secrets.enc.yaml